links

contact

Pastebin abused • 27 May 2011

I was looking at a snippet of code on the well-known paste site pastebin.com,
when I noticed a list of 'public pastes'.
I clicked a few, just out of curiosity, expecting to see some interesting program code snippets,
but instead I stumbled upon some strange things,
like logs of computer cracks, copies of conversations with all kinds of private information in them,
and output of what seems to be keyloggers.

I decided to investigate further and wrote a small program which would watch the pastebin.com site
for public pastes and download them all.
See the end of the article for the source code.

These are some things I encountered.
I have changed some details to protect the innocent.

Wifi Cracking

A lot of pastes mention some wifi adapter with Windows INI-like configuration details with them, and encoded passwords etc... I'm not sure what/who pastes these, but it looks like there is some security being attacked:

Keyloggers

Apparently there exist a keylogger out there which sends the data it captures to pastebin.com
(and presumably the URL of the paste to some emailadress of the attacker).
The window title of the app is between [brackets], and what the victim types into the app is on the line after that.
You'll see passwords, emails and chats, and even special keys like [BACK] for Backspace.

Comments

renegade • 28 May 2011

Check out https://encrypted.google.com/search?hl=en&source=hp&biw=&bih=&q=%22BEGIN%20*%20PRIVATE%20KEY%20BLOCK%22 if you really want to be surprised. people postting their private keys on teh internets!

lol • 28 May 2011

god you're lame

blah • 28 May 2011

] presumably the URL of the paste to some emailadress of the attacker
If they had the ability/ willingness to send email to the attacker, they would just send the contents of the paste and bypass pastebin entirely.

shut_the_fuck_up • 28 May 2011

jesus, shut up you fucking fag fag

jooj • 28 May 2011

I think it has always been like that. From the begining.

WhyTheAbusiveComments? • 28 May 2011

Why the abusive comments? Odd.

Harold • 28 May 2011

The bastards! And just look at how they're abusing tinypic -]
[LINK REMOVED]

biff • 28 May 2011

grumpy anons flaming this post?

Carl • 28 May 2011

People have been abusing YouTube for a while as well. Here's an example: http://www.youtube.com/watch?v=dQw4w9WgXcQ

Rick • 29 May 2011

I came for the Rick Roll, and went away satisfied...

anon • 29 May 2011

Pastebin.com is a website where you can store text for a certain period of time. The website is mainly used by programmers to store pieces of sources code or configuration information, but anyone is more than welcome to paste any type of text. The idea behind the site is to make it more convenient for people to share large amounts of text online.
http://pastebin.com/faq

Macuyiko • 29 May 2011

Your first example are not outputs from Wifi cracking. It's the contents of stolen "RSBot_Accounts.ini" files. These files get created by a popular Runescape bot.
The reason why network card information is included is because the bot uses information from the network device (probably some part of the MAC address) to encrypt the password.

Special • 29 May 2011

Such high quality journalistic skills. Do you write for The Star?
Gold medal at the special olympics.

threecheese • 29 May 2011

FYI line 58 s/b 'os.mkdir'.

Paul • 29 May 2011

Holy balls! You discovered the Internet!

anon • 29 May 2011

what's up with you haters? i found it interesting. thanks for the post.

LOL@hackerculture • 29 May 2011

WAAAAAAAAAAAAAAHHHHH, I WANT THE INTERNET TO BE A CRIME RIDDEN CESSPOOL, BECAUSE I'M A BRAINWASHED 15 YEAR OLD ANARCHIST THAT HATES MY PARENTS AND RELIGION. ANON IZ LEGIONZZZZZZZ LULLZZZZZZ. DOWN WITH AUTHORITIES WAAAAAAAAAAAAAAHH WAHHHHHHHHHH.

- • 29 May 2011

Define abuse.

Jeff Dupont • 29 May 2011

Interesting find, although nowhere near as peculiar as the amount of haters who left comments; was this supposed to be some kind of secret that you've *revealed*?
For the key logger bit, I wonder why the programmer who wrote it didn't encrypt the data before storing it to a public site.
Oh well.
*Insert abusive comment*

Name • 29 May 2011

Interesting indeed and the abuse keeps going on. Those comments might indeed be meant to discourage you. Thank you for explaining and sharing this.

@Jeff • 29 May 2011

It's impossible to make criticisms of hacker culture anymore, as the culture has shifted further and further to the left to the point of embracing criminality in toto. Look at HN, reddit, and /.. The slightest whiff of anything resembling conservatism is met with outrage and derision. Meanwhile, criminality is set on a pedestal as "giving it to the man" e.g, the comments above complaining about this blog entry. The irony being of course that the hackers embracing criminality and left wing causes have been propagandized by the very elites that they supposedly rail against. Anon culture and hackers are now Cat's Paws for the international progressive left.

zaq • 29 May 2011

How about obfuscating the passwords so that the victims do get their data spread even further?

Michiel Overtoom • 29 May 2011

@zaq: As I wrote in the article, I have changed all names, passwords and other possibly private information in the examples.

axzc • 29 May 2011

paste 3 shows hackforums.net - eternal home of the script kiddies.

KKK • 29 May 2011

That's an amazing discovery! Have you thought of writing a paper on this?

Aaron • 29 May 2011

Melpomene • 29 May 2011

Here is the code with working intendation (after copypaste) http://pastebin.com/B1xGMPR8

Melpomene • 29 May 2011

I forked this and made it parse a I2P Pastebin (internet invisibility project www.i2p2.de).
http://blog.kejsarmakten.se/all/software/2011/05/29/i2p-pastebin-parser.html

WTF@Jeff • 30 May 2011

@Jeff : What the fuck are you talking about?! Linking criminality with left-wing liberals as if the two were intertwined somehow. Jesus H Christ! Fucking Fox News idiot right there.
I'd say it's more nihilistic tendencies, but then again, I'm not some dumbass who thinks it's the left-wing who are under some propaganda spell.
"Look at HN, reddit, and /.. The slightest whiff of anything resembling conservatism is met with outrage and derision."
Ha ha ha! You're on a roll. Let me guess... Palin 2012?
Fuck me sideways!

anony • 30 May 2011

nice article, but you should have at least blurred out some of the passwords.

mrhinkydink • 30 May 2011

Pastebin and its ilk have always been a great source for "private" proxy lists. And other stuff, as you have demonstrated. But... it's always been that way. No big surprise.

Michiel Overtoom • 30 May 2011

@anony: That's what I did. I munged them a bit so they won't work.

@WTF@Jeff • 30 May 2011

Thank you. I couldn't have said it any better myself.

lolwat • 30 May 2011

loling at this script. u shud totally should make the pastebin filenames more safe.
..\..\..\..\windowslovesu.txt

anonymous • 31 May 2011

wafter • 31 May 2011

My favorite comment here
"It's impossible to make criticisms of hacker culture anymore, as the culture has shifted further and further to the left..."
lol!

wtf • 1 Jun 2011

The keylogger was written by [Zero] and is called cyber-shark...it is available on hacker forum. It is not being detected by AV yet and has been around in current form since at least 3/10/11

brian • 20 Jun 2011

ive seen a few that are now pasting encrypted stop giving them ideas to be more abusive lol

chawker • 23 Jul 2011

LOL what a great discovery. You probably have wonders to unfold in the back of your refrigerator too.

China White • 4 Nov 2011

LOL chawker :))
Well Michael, then just imagine what's going on with the private pastes... It will blow your mind!!! :)

RedditPerson • 30 Dec 2011

I'm just shocked at all the anger in these comments. What just happened here? Did the author shed light on a "secret" that wannabe-hackers and/or immature kids have been using?

reddit_woman • 22 Mar 2014

Oh no! How dare people abuse the holy temple that is Pastebin (peace be upon it)! Shame and shun ye all, evil vile coders and hackers!

surgesurfer • 26 Mar 2015

how do the other pastebins do this?

pastemonitor • 26 Mar 2015

If the content posted on Pastebin is of interest, I built a more general tool for monitoring public pastes that go through it. www.pastemonitor.com lets you watch for specific terms and optionally get alerts when they're found in new public pastes.